Auth bypass in VMware vCenter Server

CVE-2017-4919

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.

Vulnerability class: Broken Authentication

EPSS: 0.009 (76.3rd percentile).

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2017-4919?
CVE-2017-4919 is a critical-severity vulnerability in VMware vCenter Server, classified under Missing Authentication for Critical Function. CVSS score: 9.0/10. Published 2017-07-28.
How severe is CVE-2017-4919?
Critical severity. CVSS v3 base score is 9.0 out of 10.